Skip to content

Certificate injection in Pulp containers

In OpenShift environments, it is possible to mount additional trust bundles into Pulp containers.

Pulp operator handles part of the process.

When trusted_ca: true Pulp operator will automatically create and mount a ConfigMap with the custom CA into Pulp pods, but before doing so users need to first follow the steps from Enabling the cluster-wide proxy to "register" the custom CA certificate into the cluster.


It is recommended to execute the previous steps in a maintenance window because, since this is cluster-wide modification, the cluster can get unavailable if executed wrong (some cluster operators pods will be restarted).